Step 20.5 – Specify RACF authorizations

To connect using TCP/IP, you must define a proper OMVS RACF segment for the user ID and Group ID associated with the IOAGATE started task.
For details on defining an OMVS RACF segment, see the appropriate IBM documentation for this topic.

Users of TOP/SECRET or ACF/2 should refer to their specific product documentation for details about the equivalent definitions in their environment.
If IPv6 is enabled on the system, provide RACF (or other security product) authorization for the IOAGATE user ID to read the following files:
- /etc/ipnodes
- Any other files mentioned in the RESOLVER address space SETUP file statements GLOBALIPNODES and DEFAULTIPNODES.
File access authorization is not required if ESOCKAPI=SAS is defined in the CHANNEL statement of the ECAPARM member. However, this option is not recommended. Refer to Table 40 - Advanced parameters for creating/updating channels in Specifying advanced channel parameters.

The specific security product authorization requirements (if any), can be determined by starting IOAGATE and looking for security product error messages (ICH408I for RACF).

Access authorization can be given by enabling read access to the file using the chmod command.

For example (to allow read access for others):

chmod o+r /etc/ipnodes

The following alternative methods for giving access authorization can be used:
- In the RACF OMVS segment for IOAGATE, set the User Identifier (UID) to the same UID as the owner of the file as displayed by the 'ls –l' command.
- Connect the IOAGATE UID to the same group as the file's group using the RACF CONNECT command.

Parent Topic

Step 20 – Install IOAGATE (optional)